19 September 2025

Shadowleak: tricking your AI into hacking you

ChatGPT has reported they closed a vulnerability exploited by the Shadowleak malware that was disclosed recently by Radware.

Shadowleak uses prompt injection: the attacker tries to feed instructions to your AI service.

Security experts have been warning against this kind of attack vector: when you let an AI summarise a web page, for example, hackers could craft malicious web pages that try to trick that AI.

Shadowleak uses ChatGPT DeepSearch, an AI tool that helps you automate email jobs. Shadowleak sends a malicious email to you and DeepSearch will happily report on the content of your email archive to the attacker.

Particularly worrying about the attack is that it is executed entirely on the OpenAI servers, so you cannot detect on your local machine that an attack is happening.

Radware recommends limiting the actions an AI agent can take on your system to limit the damage of such attacks.

14 September 2025

Windows PowerShell Get-Process: get parent process ID / name, get process using port...

PowerShell command to get parent processes of all processes with a given name (e.g. javaw.exe):

Get-CimInstance Win32_Process -Filter "Name = 'javaw.exe'" | select ParentProcessId

Or in a script. This one takes the process name as a parameter and, this time, also shows the parent process name:

# Process name to look up, passed as the first script argument (e.g. javaw.exe)
$targetProcessName = $args[0]
$targetProcesses = Get-CimInstance -ClassName Win32_Process -Filter "Name = '$targetProcessName'"

foreach ($process in $targetProcesses) {
    # Resolve the parent through the parent PID recorded on the child process
    $parentProcessId = $process.ParentProcessId
    $parentProcess = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $parentProcessId"
    Write-Output "Process: $($process.ProcessId) $($process.Name), Parent Process: $($parentProcessId)    $($parentProcess.Name)"
}

PowerShell command to get ID of process occupying a port (e.g. 8080):

Get-Process -Id (Get-NetTCPConnection -LocalPort 8080).OwningProcess

Once you have the ID you can shoot it using:

taskkill /PID <processid> /F
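
Before killing anything, it helps to see what started the process that holds the port. The following is an added example (not part of the original post) that combines the two lookups above: it resolves the owner of a port and walks up its parent chain. Get-PortOwnerChain and its parameters are names made up for this example; it also handles two edge cases, several connection rows on one port and a parent PID that was reused after the real parent exited.

```powershell
# Added example: resolve the owner of a local TCP port and walk its parent chain.
# Get-PortOwnerChain is a hypothetical helper name, not a built-in cmdlet.
function Get-PortOwnerChain {
    param(
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [int]$MaxDepth = 10
    )

    # One port can have several rows (Listen plus Established connections), so
    # de-duplicate the owning PIDs. PID 0 owns TimeWait sockets, skip it.
    $owners = Get-NetTCPConnection -LocalPort $Port -ErrorAction SilentlyContinue |
        Where-Object { $_.OwningProcess -ne 0 } |
        Select-Object -ExpandProperty OwningProcess -Unique

    foreach ($owner in $owners) {
        $current = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $owner"
        $depth = 0
        while ($current -and $depth -lt $MaxDepth) {
            [pscustomobject]@{
                Port        = $Port
                Depth       = $depth
                ProcessId   = $current.ProcessId
                Name        = $current.Name
                Started     = $current.CreationDate
                CommandLine = $current.CommandLine
            }
            $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($current.ParentProcessId)"
            # ParentProcessId is recorded at creation and never updated. If the
            # parent exited and its PID was reused, the "parent" found here started
            # after the child, so it is not the real parent: stop the walk.
            if ($parent -and $parent.CreationDate -gt $current.CreationDate) { break }
            # Guard against a process that lists itself as its own parent.
            if ($parent -and $parent.ProcessId -eq $current.ProcessId) { break }
            $current = $parent
            $depth++
        }
    }
}

# Depth 0 is the process holding the port, depth 1 its parent, and so on.
Get-PortOwnerChain -Port 8080 | Format-Table -AutoSize
```

CommandLine can come back empty for processes owned by other users unless the session is elevated.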